From 2a54c3c4958ce42a627dcceb1baf1db770e538aa Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Tue, 29 Dec 2020 12:35:06 -0500 Subject: [PATCH 01/10] Remove Jolokia strict-checking. --- activemq/Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/activemq/Dockerfile b/activemq/Dockerfile index 0abf7739..feee047f 100644 --- a/activemq/Dockerfile +++ b/activemq/Dockerfile @@ -49,6 +49,12 @@ RUN curl --location https://archive.apache.org/dist/activemq/5.16.0/apache-activ # which prevented access to Web UI outside of container. sed -i '119s/.*/ /' \ /opt/activemq/conf/jetty.xml; \ + # Remove the following to enable ActiveMQ Metricbeat access to Jolokia: + # + # + # + # + sed -i '20,23d' /opt/activemq/webapps/api/WEB-INF/classes/jolokia-access.xml; \ cd /opt/activemq; \ rm --recursive docs examples webapps-demo; From 811d94c025bd93f7bd7a1e6b6413d21ffae3ca7e Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Tue, 29 Dec 2020 16:17:36 -0500 Subject: [PATCH 02/10] Update to ELK 7.10.1. Add AMQ Metricbeat. --- docker-compose.elk.yml | 17 ++++++++--- kibana/Dockerfile | 2 +- metricbeat/Dockerfile | 44 +++++++++++++++++++++++++++++ metricbeat/docker-entrypoint.sh | 50 +++++++++++++++++++++++++++++++++ 4 files changed, 108 insertions(+), 5 deletions(-) create mode 100644 metricbeat/Dockerfile create mode 100755 metricbeat/docker-entrypoint.sh diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index db6e64ec..932895d6 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml @@ -2,7 +2,7 @@ version: '3.7' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.6.0 + image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1 command: - elasticsearch - -E 
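Review bot: `sed -i '20,23d'` removes lines from `jolokia-access.xml` purely by position, so if the file shipped in the ActiveMQ archive ever differs from the one that was inspected, other policy lines are deleted and the build still succeeds. Guard the deletion by checking the content first, e.g. `sed -n '20,23p' "$f" | grep -q 'strict-checking' || exit 1` ahead of the `sed -i` (with `$f` standing for the policy file path). Going by the commit subject, the removed stanza is Jolokia's strict-checking, and it is dropped for every client rather than only for Metricbeat. The comment should say that the endpoint then appears to depend on the web-console credentials alone, which PATCH 03 shows are still the defaults. The enclosing `RUN` instruction begins and ends outside the hunk.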
@@ -26,12 +26,21 @@ services: # Disable Kibana apps we don't use. Not all Kibana apps can be disabled. TELEMETRY_OPTIN: 'false' TELEMETRY_ENABLED: 'false' - XPACK_APM_UI_ENABLED: 'false' + XPACK_APM_ENABLED: 'false' + XPACK_CANVAS_ENABLED: 'false' + XPACK_FLEET_ENABLED: 'false' + XPACK_GRAPH_ENABLED: 'false' + XPACK_INFRA_ENABLED: 'false' + XPACK_MAPS_ENABLED: 'false' XPACK_ML_ENABLED: 'false' XPACK_MONITORING_ENABLED: 'false' XPACK_REPORTING_ENABLED: 'false' - XPACK_GRAPH_ENABLED: 'false' + # Enable security yourself: https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html + XPACK_ROLLUP_ENABLED: 'false' + XPACK_SECURITY_ENABLED: 'false' + XPACK_SPACES_ENABLED: 'false' NEWSFEED_ENABLED: 'false' + MONITORING_ENABLED: 'false' ports: - '5601:5601' depends_on: @@ -42,7 +51,7 @@ services: - node.role == manager filebeat: - image: docker.elastic.co/beats/filebeat:7.6.0 + image: docker.elastic.co/beats/filebeat:7.10.1 command: # Allow filebeat's own logs to be collected - -e diff --git a/kibana/Dockerfile b/kibana/Dockerfile index 9c59116d..56b543f1 100644 --- a/kibana/Dockerfile +++ b/kibana/Dockerfile @@ -26,7 +26,7 @@ # limitations under the License. # ############################################################################# -FROM docker.elastic.co/kibana/kibana:7.6.0 +FROM docker.elastic.co/kibana/kibana:7.10.1 COPY docker-entrypoint.sh /scripts/ diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile new file mode 100644 index 00000000..f3996868 --- /dev/null +++ b/metricbeat/Dockerfile 
@@ -0,0 +1,44 @@
+# syntax=docker/dockerfile:1.2
+
+#############################################################################
+# NOTICE #
+# #
+# This software (or technical data) was produced for the U.S. Government #
+# under contract, and is subject to the Rights in Data-General Clause #
+# 52.227-14, Alt. IV (DEC 2007). #
+# #
+# Copyright 2020 The MITRE Corporation. All Rights Reserved. #
+#############################################################################
+
+#############################################################################
+# Copyright 2020 The MITRE Corporation #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#############################################################################
+
+FROM docker.elastic.co/beats/metricbeat:7.10.1
+
+COPY docker-entrypoint.sh /scripts/
+
+ENTRYPOINT ["/scripts/docker-entrypoint.sh"]
+
+# Taken from base image
+CMD ["-e"]
+
+# Inherit "license", "org.label-schema.license", and "org.label-schema.usage" from base image.
+LABEL org.label-schema.build-date="" \
+ org.label-schema.name="OpenMPF Metricbeat" \
+ org.label-schema.schema-version="1.0" \
+ org.label-schema.url="https://openmpf.github.io" \
+ org.label-schema.vcs-url="https://github.com/openmpf" \
+ org.label-schema.vendor="MITRE"
diff --git a/metricbeat/docker-entrypoint.sh b/metricbeat/docker-entrypoint.sh
new file mode 100755
index 00000000..a5df6ee9
--- /dev/null
+++ b/metricbeat/docker-entrypoint.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+#############################################################################
+# NOTICE #
+# #
+# This software (or technical data) was produced for the U.S. Government #
+# under contract, and is subject to the Rights in Data-General Clause #
+# 52.227-14, Alt. IV (DEC 2007). #
+# #
+# Copyright 2020 The MITRE Corporation. All Rights Reserved. #
+#############################################################################
+
+#############################################################################
+# Copyright 2020 The MITRE Corporation #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#############################################################################
+
+set -o errexit -o pipefail
+
+until curl --silent --fail --head 'http://kibana:5601' > /dev/null ; do
+ echo 'Kibana is unavailable. Sleeping.'
+ sleep 5
+done
+
+set -o xtrace
+
+echo 'Checking if index pattern exists...'
+index_url='http://kibana:5601/api/saved_objects/index-pattern/metricbeat-index'
+if curl --silent --fail --head "$index_url"; then
+ echo 'Index pattern already exists.'
+else
+ echo 'Creating index pattern and visualizations...'
+ metricbeat setup -E setup.kibana.host=kibana:5601 -E output.elasticsearch.hosts=elasticsearch:9200 # DEBUG
+ # metricbeat setup
+ echo 'Successfully created index pattern and visualizations'
+fi
+
+# Call base image's entry point
+exec /usr/local/bin/docker-entrypoint "$@"
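Review bot: The `until curl --silent --fail --head 'http://kibana:5601'` wait loop has neither a per-request timeout nor an attempt limit, so if Kibana never becomes reachable the container stays up forever printing 'Sleeping.' and the orchestrator never sees a failure. Bound the loop and give curl a `--max-time`, exiting non-zero when the limit is hit, as sketched below (the limit of 60 attempts is a constructed value). Separately, `set -o xtrace` is switched on before `metricbeat setup`, so any credential later passed on that line with `-E` would be written to the container log; enabling tracing only after the setup step avoids that.

```shell
attempts=0
until curl --silent --fail --head --max-time 5 'http://kibana:5601' > /dev/null ; do
    attempts=$((attempts + 1))
    if [ "$attempts" -ge 60 ]; then
        echo 'Kibana did not become available. Giving up.' >&2
        exit 1
    fi
    echo 'Kibana is unavailable. Sleeping.'
    sleep 5
done
```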
From a839dfd16eed306c49f8c27dfab0bea21c9eb1a2 Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Tue, 29 Dec 2020 16:44:23 -0500 Subject: [PATCH 03/10] No longer need to use Docker "configs". --- docker-compose.elk.yml | 1 + metricbeat/Dockerfile | 2 ++ metricbeat/metricbeat.yml | 19 +++++++++++++++++++ 3 files changed, 22 insertions(+) create mode 100644 metricbeat/metricbeat.yml diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index 932895d6..a3163027 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml @@ -29,6 +29,7 @@ services: XPACK_APM_ENABLED: 'false' XPACK_CANVAS_ENABLED: 'false' XPACK_FLEET_ENABLED: 'false' + XPACK_FLEET_AGENTS_ENABLED: 'false' XPACK_GRAPH_ENABLED: 'false' XPACK_INFRA_ENABLED: 'false' XPACK_MAPS_ENABLED: 'false' diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index f3996868..854f49db 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -30,6 +30,8 @@ FROM docker.elastic.co/beats/metricbeat:7.10.1 COPY docker-entrypoint.sh /scripts/ +COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml + ENTRYPOINT ["/scripts/docker-entrypoint.sh"] # Taken from base image diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml new file mode 100644 index 00000000..96116d2a --- /dev/null +++ b/metricbeat/metricbeat.yml @@ -0,0 +1,19 @@ +metricbeat.config: + modules: + path: ${path.config}/modules.d/*.yml + # Reload module configs as they change: + reload.enabled: false + +metricbeat.modules: +- module: activemq + metricsets: ['broker', 'queue', 'topic'] + period: 10s + hosts: ['activemq:8161'] + path: "api/jolokia" + username: admin # default username + password: admin # default password + +output.elasticsearch: + hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}' + username: '${ELASTICSEARCH_USERNAME:}' + password: '${ELASTICSEARCH_PASSWORD:}' From 75e6f7fe5e7580fcbebf2985111c5815d176f044 Mon Sep 17 00:00:00 2001 
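Review bot: `username: admin` and `password: admin` in the `activemq` module entry of the new `metricbeat/metricbeat.yml` bake the broker's default credentials into the image, while `output.elasticsearch` a few lines further down already takes its credentials from the environment. Use the same form for the module, e.g. `username: '${ACTIVEMQ_USERNAME:admin}'` and `password: '${ACTIVEMQ_PASSWORD:admin}'` (variable names are a suggestion), so a deployment that changes the broker password does not need a rebuilt image and the secret stays out of version control. A comment next to these keys should also state that the defaults are for local development only.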
From: Jeff Robble Date: Tue, 29 Dec 2020 17:07:15 -0500 Subject: [PATCH 04/10] Add metricbeat service. --- docker-compose.elk.yml | 19 +++++++++++++++++++ metricbeat/docker-entrypoint.sh | 7 +++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index a3163027..3d1892d7 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml @@ -72,6 +72,25 @@ services: depends_on: - elasticsearch + metricbeat: + image: openmpf_metricbeat:latest + build: metricbeat + command: + - -e + - -E + - logging.level=warning + user: root + environment: + ELASTICSEARCH_HOSTS: http://elasticsearch:9200 + KIBANA_HOST: kibana:5601 + depends_on: + - activemq + - elasticsearch + - kibana + deploy: + placement: + constraints: + - node.role == manager volumes: elastic_search_data: diff --git a/metricbeat/docker-entrypoint.sh b/metricbeat/docker-entrypoint.sh index a5df6ee9..dfd6f691 100755 --- a/metricbeat/docker-entrypoint.sh +++ b/metricbeat/docker-entrypoint.sh @@ -28,7 +28,7 @@ set -o errexit -o pipefail -until curl --silent --fail --head 'http://kibana:5601' > /dev/null ; do +until curl --silent --fail --head "http://${KIBANA_HOST}" > /dev/null ; do echo 'Kibana is unavailable. Sleeping.' sleep 5 done @@ -36,13 +36,12 @@ done set -o xtrace echo 'Checking if index pattern exists...' -index_url='http://kibana:5601/api/saved_objects/index-pattern/metricbeat-index' +index_url="http://${KIBANA_HOST}/api/saved_objects/index-pattern/metricbeat-index" if curl --silent --fail --head "$index_url"; then echo 'Index pattern already exists.' else echo 'Creating index pattern and visualizations...' - metricbeat setup -E setup.kibana.host=kibana:5601 -E output.elasticsearch.hosts=elasticsearch:9200 # DEBUG - # metricbeat setup + metricbeat setup -E setup "kibana.host=${KIBANA_HOST}" echo 'Successfully created index pattern and visualizations' fi From e806930a8b632d5213b224939b1b4ef701d69050 Mon Sep 17 00:00:00 2001 
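Review bot: `user: root` on the new `metricbeat` service runs the collector as root, although the service as added mounts no host paths or Docker socket and the only module configured in this series polls ActiveMQ over HTTP. If root was needed only to get past Metricbeat's config-file ownership check, PATCH 09 and PATCH 10 handle that inside the image and finish with `USER metricbeat`, which this compose setting overrides. Consider dropping the line, or keep it with a comment naming the reason, e.g. `# root required for <reason>`.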
From: Jeff Robble Date: Tue, 29 Dec 2020 17:50:24 -0500 Subject: [PATCH 05/10] Update comment. --- docker-compose.elk.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index 3d1892d7..2f89f8b3 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml @@ -36,12 +36,13 @@ services: XPACK_ML_ENABLED: 'false' XPACK_MONITORING_ENABLED: 'false' XPACK_REPORTING_ENABLED: 'false' - # Enable security yourself: https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html XPACK_ROLLUP_ENABLED: 'false' - XPACK_SECURITY_ENABLED: 'false' XPACK_SPACES_ENABLED: 'false' NEWSFEED_ENABLED: 'false' MONITORING_ENABLED: 'false' + # NOTE: Do not use this stack in production without first enabling security: + # https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html + XPACK_SECURITY_ENABLED: 'false' ports: - '5601:5601' depends_on: From b422f89a670769c1995a1b849dcce85d170f9c22 Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Tue, 29 Dec 2020 21:24:01 -0500 Subject: [PATCH 06/10] Update use of env. vars. --- docker-compose.elk.yml | 3 --- metricbeat/docker-entrypoint.sh | 18 ++++++++++-------- metricbeat/metricbeat.yml | 2 ++ 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index 2f89f8b3..cba7194c 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml @@ -81,9 +81,6 @@ services: - -E - logging.level=warning user: root - environment: - ELASTICSEARCH_HOSTS: http://elasticsearch:9200 - KIBANA_HOST: kibana:5601 depends_on: - activemq - elasticsearch diff --git a/metricbeat/docker-entrypoint.sh b/metricbeat/docker-entrypoint.sh index dfd6f691..0154a18c 100755 --- a/metricbeat/docker-entrypoint.sh +++ b/metricbeat/docker-entrypoint.sh 
@@ -28,22 +28,24 @@ set -o errexit -o pipefail +KIBANA_HOST="${KIBANA_HOST:-kibana:5601}" + until curl --silent --fail --head "http://${KIBANA_HOST}" > /dev/null ; do - echo 'Kibana is unavailable. Sleeping.' + echo "Kibana is unavailable. Sleeping." sleep 5 done -set -o xtrace - -echo 'Checking if index pattern exists...' +echo "Checking if index pattern exists..." index_url="http://${KIBANA_HOST}/api/saved_objects/index-pattern/metricbeat-index" if curl --silent --fail --head "$index_url"; then - echo 'Index pattern already exists.' + echo "Index pattern already exists." else - echo 'Creating index pattern and visualizations...' - metricbeat setup -E setup "kibana.host=${KIBANA_HOST}" - echo 'Successfully created index pattern and visualizations' + echo "Creating index pattern and visualizations..." + metricbeat setup + echo "Successfully created index pattern and visualizations" fi +set -o xtrace + # Call base image's entry point exec /usr/local/bin/docker-entrypoint "$@" diff --git a/metricbeat/metricbeat.yml b/metricbeat/metricbeat.yml index 96116d2a..5dee5a38 100644 --- a/metricbeat/metricbeat.yml +++ b/metricbeat/metricbeat.yml @@ -13,6 +13,8 @@ metricbeat.modules: username: admin # default username password: admin # default password +setup.kibana.host: '${KIBANA_HOST:kibana:5601}' + output.elasticsearch: hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}' username: '${ELASTICSEARCH_USERNAME:}' From fb2cd322fbff9e1be2a111b026f66bd461cc989c Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Wed, 30 Dec 2020 00:52:12 -0500 Subject: [PATCH 07/10] Fix metricbeat index check. Enable Logs view. --- docker-compose.elk.yml | 5 +++-- metricbeat/docker-entrypoint.sh | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index cba7194c..edbc825d 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml 
@@ -31,18 +31,19 @@ services: XPACK_FLEET_ENABLED: 'false' XPACK_FLEET_AGENTS_ENABLED: 'false' XPACK_GRAPH_ENABLED: 'false' - XPACK_INFRA_ENABLED: 'false' XPACK_MAPS_ENABLED: 'false' XPACK_ML_ENABLED: 'false' XPACK_MONITORING_ENABLED: 'false' XPACK_REPORTING_ENABLED: 'false' XPACK_ROLLUP_ENABLED: 'false' - XPACK_SPACES_ENABLED: 'false' NEWSFEED_ENABLED: 'false' MONITORING_ENABLED: 'false' # NOTE: Do not use this stack in production without first enabling security: # https://www.elastic.co/guide/en/kibana/current/security-settings-kb.html XPACK_SECURITY_ENABLED: 'false' + # The following two settings are needed for Logs view: + XPACK_INFRA_ENABLED: 'true' + XPACK_SPACES_ENABLED: 'true' ports: - '5601:5601' depends_on: diff --git a/metricbeat/docker-entrypoint.sh b/metricbeat/docker-entrypoint.sh index 0154a18c..7c9edf84 100755 --- a/metricbeat/docker-entrypoint.sh +++ b/metricbeat/docker-entrypoint.sh @@ -36,7 +36,7 @@ until curl --silent --fail --head "http://${KIBANA_HOST}" > /dev/null ; do done echo "Checking if index pattern exists..." -index_url="http://${KIBANA_HOST}/api/saved_objects/index-pattern/metricbeat-index" +index_url="http://${KIBANA_HOST}/api/saved_objects/index-pattern/metricbeat-*" if curl --silent --fail --head "$index_url"; then echo "Index pattern already exists." else From 4e33ebdf3f0547bf4f0affad097500055f130912 Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Fri, 1 Jan 2021 10:16:07 -0500 Subject: [PATCH 08/10] Resolve registry issue. --- docker-compose.elk.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.elk.yml b/docker-compose.elk.yml index edbc825d..8f6d7762 100644 --- a/docker-compose.elk.yml +++ b/docker-compose.elk.yml @@ -75,7 +75,7 @@ services: - elasticsearch metricbeat: - image: openmpf_metricbeat:latest + image: ${REGISTRY}openmpf_metricbeat:${TAG} build: metricbeat command: - -e From d887422039c54c501086d433c94584fdeba8b56c Mon Sep 17 00:00:00 2001 
From: Jeff Robble Date: Wed, 6 Jan 2021 17:41:06 -0500 Subject: [PATCH 09/10] Set file permissions. --- metricbeat/Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index 854f49db..25025542 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -32,6 +32,10 @@ COPY docker-entrypoint.sh /scripts/ COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml +# Metricbeat performs a security checK: +# 'config file ("metricbeat.yml") can only be writable by the owner' +RUN chmod 0644 /usr/share/metricbeat/metricbeat.yml + ENTRYPOINT ["/scripts/docker-entrypoint.sh"] # Taken from base image From e6131347ec3dc04a66d5bf0bfacbb24ede3299a1 Mon Sep 17 00:00:00 2001 From: Jeff Robble Date: Wed, 6 Jan 2021 18:19:02 -0500 Subject: [PATCH 10/10] Resolve permission issues. --- metricbeat/Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index 25025542..e989cfd3 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -32,9 +32,12 @@ COPY docker-entrypoint.sh /scripts/ COPY metricbeat.yml /usr/share/metricbeat/metricbeat.yml -# Metricbeat performs a security checK: -# 'config file ("metricbeat.yml") can only be writable by the owner' +# Metricbeat performs security checks: +# - config file ("metricbeat.yml") must be owned by the user identifier (uid=0) or root +# - config file ("metricbeat.yml") can only be writable by the owner +USER root RUN chmod 0644 /usr/share/metricbeat/metricbeat.yml +USER metricbeat ENTRYPOINT ["/scripts/docker-entrypoint.sh"]